diff options
author | Radim Krčmář <rkrcmar@redhat.com> | 2018-01-06 17:26:37 +0100 |
---|---|---|
committer | Radim Krčmář <rkrcmar@redhat.com> | 2018-01-06 17:26:37 +0100 |
commit | bb4945e60dd0b5afb0e92bc8006ce560948fbc39 (patch) | |
tree | f36c0f1d00219c376d8ce3ada92e32ba0ec97eb9 | |
parent | 0cb5b30698fdc8f6b4646012e3acb4ddce430788 (diff) | |
parent | c2cf265d860882b51a200e4a7553c17827f2b730 (diff) | |
download | linux-bb4945e60dd0b5afb0e92bc8006ce560948fbc39.tar.bz2 |
Merge tag 'kvm-s390-master-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux
KVM: s390: fixes for cmma migration
Two fixes for potential bitmap overruns in the cmma migration
code.
-rw-r--r-- | arch/s390/kvm/kvm-s390.c | 9 | ||||
-rw-r--r-- | arch/s390/kvm/priv.c | 2 |
2 files changed, 6 insertions, 5 deletions
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index ec8b68e97d3c..2c93cbbcd15e 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -792,11 +792,12 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm) if (kvm->arch.use_cmma) { /* - * Get the last slot. They should be sorted by base_gfn, so the - * last slot is also the one at the end of the address space. - * We have verified above that at least one slot is present. + * Get the first slot. They are reverse sorted by base_gfn, so + * the first slot is also the one at the end of the address + * space. We have verified above that at least one slot is + * present. */ - ms = slots->memslots + slots->used_slots - 1; + ms = slots->memslots; /* round up so we only use full longs */ ram_pages = roundup(ms->base_gfn + ms->npages, BITS_PER_LONG); /* allocate enough bytes to store all the bits */ diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c index 572496c688cc..0714bfa56da0 100644 --- a/arch/s390/kvm/priv.c +++ b/arch/s390/kvm/priv.c @@ -1006,7 +1006,7 @@ static inline int do_essa(struct kvm_vcpu *vcpu, const int orc) cbrlo[entries] = gfn << PAGE_SHIFT; } - if (orc) { + if (orc && gfn < ms->bitmap_size) { /* increment only if we are really flipping the bit to 1 */ if (!test_and_set_bit(gfn, ms->pgste_bitmap)) atomic64_inc(&ms->dirty_pages); |